Re: Security constraints for different contexts

[Rahman Syed]

Just wanted to ask this question again...does anyone have any ideas??  I'm 
really stuck here, any good tutorials or resources about security 
constraints would be helpful.  All of the ones I've seen online only handle 
one constraint at a time, I've never seen how they work in terms of "best 
match first" or otherwise.

Thanks,
Rahman
At 7/2/2004 11:47 AM, you wrote:
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to 
restrict access to one specific page.  The problem is that this page 
exists in different contexts, but using the same docbase.  You can get a 
better idea by looking at the first snippet included below.

You can see that the application itself is installed by default at context 
"/wiki", and there will be additional copies at "/wiki/wikione" and so 
on.  My goal is to restrict /wiki/Edit.jsp to one role, 
/wiki/wikione/Edit.jsp to another role, etc.  The web.xml I'm using right 
now doesn't even prompt for authentication at all; the only time I can get 
it to authorize anything is when I only have one security constraint, for 
url-pattern "/Edit.jsp".

Is there an easy to way to achieve this?  Thanks...
Rahman
Server.xml snippet:
     <Context path="/wiki/wikione" docBase="wiki" debug="0">
          <Parameter name="jspwiki.propertyfile" 
value="C:\tomcat\webapps\wiki\WEB-INF\wikione.properties"
                     override="false"/>
     </Context>


The application's web.xml snippet:
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/wiki/Edit.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>wikiadmin</role-name>
       </auth-constraint>
   </security-constraint>
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/wiki/wikione/Edit.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>wikioneadmin</role-name>
       </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JSPWiki Editor</realm-name>
   </login-config>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]